Good morning, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and digital security. We start with Sono Bello, a healthcare services provider, reporting a data breach exposing sensitive customer and employee information. The Barbados Revenue Authority is also investigating a breach of its vehicle registration data. In other news, Brown Integrated Logistics and MEMC LLC have filed notices of data breaches with the Attorney General of Montana. Meanwhile, Dell suffers a second security incident exposing internal employees' data.

For small business owners, we have an article on what you need to know about the vast and evolving landscape of digital security. We also cover how Chattanooga State is promoting cybersecurity and data safety. In response to data breaches, we discuss how plan security relies on vetting third-party providers and how to respond to a cyber breach. We also share tips on how to protect yourself from a data breach.

Finally, we delve into the latest research highlighting that at least a quarter of businesses don't know where their sensitive data is. Stay tuned for more updates and stay safe online!

Data Breaches

1. Sono Bello Data Breach: Sono Bello, a healthcare services provider, reported a data breach that exposed sensitive information of customers and employees. The breach was reported to the Attorney General of Montana. Source: teiss
2. BRA Data Breach: The Barbados Revenue Authority (BRA) and police are investigating a reported breach of its vehicle registration data. The extent of the breach and the data compromised is yet to be determined. Source: Barbados Today
3. Brown Integrated Logistics Data Breach: Brown Integrated Logistics, Inc. filed a notice of data breach with the Attorney General of Montana. The details of the breach, including the number of individuals affected and the type of data compromised, have not been disclosed. Source: JD Supra
4. MEMC Data Breach: MEMC LLC, a subsidiary of Global Wafers, filed a notice of data breach with the Attorney General of Maine after discovering unauthorized access to its systems. The extent of the breach and the data compromised is yet to be determined. Source: JD Supra
5. Dell Data Breach: Dell suffered a data breach that exposed internal employees' data. The breach was reported in September 2024, and the threat actor has released a small amount of the compromised data. Source: CPO Magazine

Security Research

1. New Research Highlights at Least 1/4 of Businesses Don't Know Where Their Sensitive Data Is: A recent study by Normalyze reveals that at least 25% of businesses are unaware of the location of their sensitive data, emphasizing the need for improved Data Security Posture Management (DSPM). Source: GlobeNewswire
2. Hacker receives appreciation letter from NASA for uncovering security flaws: NASA has recognized the efforts of an independent security researcher who identified critical vulnerabilities, highlighting the importance of ethical hacking in improving cybersecurity. Source: Tribune
3. Critical Zimbra Vulnerability Exploited One Day After PoC Release: Security researchers have raised concerns about the exploitation of a critical vulnerability in Zimbra just a day after the Proof of Concept (PoC) was released. This underscores the urgency of patching vulnerabilities promptly. Source: SecurityWeek
4. Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw: Cybersecurity researchers have warned about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra, emphasizing the need for immediate remediation. Source: The Hacker News
5. New security protocol shields data from attackers during cloud-based computation: Researchers have developed a technique that guarantees data security during multiparty, cloud-based computation. This method leverages advanced encryption protocols to protect data from potential attackers. Source: ScienceDaily

Top CVEs

1. CVE-2024-47609 - Remote DoS Attack in Tonic gRPC Client & Server: A remote DoS attack vulnerability has been identified in the tonic::transport::Server, which can cause the server to exit cleanly upon accepting a TCP/TLS stream. The issue arises from improperly covered errors that cause the accept loop to exit. Upgrading to tonic 0.12.3 and above resolves the issue. Source: CVE-2024-47609
2. CVE-2024-9400 - Memory Corruption Vulnerability in Firefox & Thunderbird: A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 115.16. Source: CVE-2024-9400
3. CVE-2024-9393 - Arbitrary JavaScript Execution in Firefox & Thunderbird: An attacker could execute arbitrary JavaScript under the resource://pdf.js origin via a specially crafted multipart response. This could allow them to access cross-origin PDF content. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 115.16. Source: CVE-2024-9393
4. CVE-2024-9401 - Memory Safety Bugs in Firefox & Thunderbird: Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 115.16. Source: CVE-2024-9401
5. CVE-2024-9341 - Improper Validation in Go Library: A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host. Source: CVE-2024-9341

API Security

1. LibreNMS Vulnerable to Stored Cross-site Scripting via File Upload: LibreNMS, a network monitoring system, has been found to be vulnerable to Stored Cross-Site Scripting (XSS) attacks via file upload. The vulnerability allows users with admin roles to upload SVG files containing XSS payloads, which can trigger onload. This can lead to malicious JavaScript code execution, impacting other admin role users and Global Read role users. Normal users are not affected as they do not have permission to read the file. Source: Vulners
2. CVE-2024-47609 - Tonic gRPC Client & Server Vulnerability: Tonic, a native gRPC client and server implementation with async/await support, has a remote DoS attack vulnerability. This can cause the server to exit cleanly on accepting a TCP/TLS stream if the accept call errors out. This can be triggered by causing the accept call to error out with errors that were not covered correctly, causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, data breaches continue to be a major concern across various sectors, from healthcare to logistics. It's a stark reminder of the importance of robust digital security measures for businesses of all sizes. Remember, even the smallest businesses are at risk.

So, stay vigilant, stay informed, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, keep those data fortresses secure!